diff --git a/documentation/RELEASE_NOTES.html b/documentation/RELEASE_NOTES.html index 63f8880a7..25f0eac62 100644 --- a/documentation/RELEASE_NOTES.html +++ b/documentation/RELEASE_NOTES.html @@ -26,6 +26,28 @@ release.

--> +

ACF Hostname from DNS

+ +

ACF hostname has so far been a string provided by a CA client, +which may or may not agree with DNS. An option is now available +to cause IOCs to resolve hostnames, and compare against the actual +client IP address.

+

This resolution is done at ACF file load time, +which has two consequences.

+ + + +

This may be enabled with:

+ +
+var("asCheckClientIP",1)
+
+

Launchpad Bugs

The list of tracked bugs fixed in this release can be found on the diff --git a/modules/database/src/ioc/rsrv/camessage.c b/modules/database/src/ioc/rsrv/camessage.c index 40448d018..f54bb4888 100644 --- a/modules/database/src/ioc/rsrv/camessage.c +++ b/modules/database/src/ioc/rsrv/camessage.c @@ -862,9 +862,9 @@ static int host_name_action ( caHdrLargeArray *mp, void *pPayload, } /* after all validation */ - if(asUseIP) { + if(asCheckClientIP) { - DLOG (2, ( "CAS: host_name_action for \"%s\" ignores clist provided host name\n", + DLOG (2, ( "CAS: host_name_action for \"%s\" ignores client provided host name\n", client->pHostName ) ); return RSRV_OK; } diff --git a/modules/database/src/ioc/rsrv/caservertask.c b/modules/database/src/ioc/rsrv/caservertask.c index 048487b20..7a9ae63b3 100644 --- a/modules/database/src/ioc/rsrv/caservertask.c +++ b/modules/database/src/ioc/rsrv/caservertask.c @@ -1421,7 +1421,7 @@ struct client *create_tcp_client (SOCKET sock , const osiSockAddr *peerAddr) } client->addr = peerAddr->ia; - if(asUseIP) { + if(asCheckClientIP) { epicsUInt32 ip = ntohl(client->addr.sin_addr.s_addr); client->pHostName = malloc(24); if(!client->pHostName) { diff --git a/modules/libcom/src/as/asLib.h b/modules/libcom/src/as/asLib.h index b4e5139ce..a29cf3b65 100644 --- a/modules/libcom/src/as/asLib.h +++ b/modules/libcom/src/as/asLib.h @@ -24,7 +24,7 @@ extern "C" { /* 0 - Use (unverified) client provided host name string. * 1 - Use actual client IP address. HAG() are resolved to IPs at ACF load time. */ -epicsShareExtern int asUseIP; +epicsShareExtern int asCheckClientIP; typedef struct asgMember *ASMEMBERPVT; typedef struct asgClient *ASCLIENTPVT; diff --git a/modules/libcom/src/as/asLibRoutines.c b/modules/libcom/src/as/asLibRoutines.c index ceade030e..e3105facd 100644 --- a/modules/libcom/src/as/asLibRoutines.c +++ b/modules/libcom/src/as/asLibRoutines.c 
@@ -29,7 +29,7 @@ #include "postfix.h" #include "asLib.h" -int asUseIP; +int asCheckClientIP; static epicsMutexId asLock; #define LOCK epicsMutexMustLock(asLock) @@ -1210,7 +1210,7 @@ static long asHagAddHost(HAG *phag,const char *host) int len, i; if (!phag) return 0; - if(!asUseIP) { + if(!asCheckClientIP) { len = strlen(host); phagname = asCalloc(1, sizeof(HAGNAME) + len + 1); phagname->host = (char *)(phagname + 1); diff --git a/modules/libcom/src/iocsh/libComRegister.c b/modules/libcom/src/iocsh/libComRegister.c index 2bbb09f3e..c842dce27 100644 --- a/modules/libcom/src/iocsh/libComRegister.c +++ b/modules/libcom/src/iocsh/libComRegister.c @@ -393,7 +393,7 @@ static void installLastResortEventProviderCallFunc(const iocshArgBuf *args) installLastResortEventProvider(); } -static iocshVarDef asUseIPDef = {"asUseIP", iocshArgInt, 0}; +static iocshVarDef asCheckClientIPDef = {"asCheckClientIP", iocshArgInt, 0}; void epicsShareAPI libComRegister(void) { @@ -428,6 +428,6 @@ void epicsShareAPI libComRegister(void) iocshRegister(&generalTimeReportFuncDef,generalTimeReportCallFunc); iocshRegister(&installLastResortEventProviderFuncDef, installLastResortEventProviderCallFunc); - asUseIPDef.pval = &asUseIP; - iocshRegisterVariable(&asUseIPDef); + asCheckClientIPDef.pval = &asCheckClientIP; + iocshRegisterVariable(&asCheckClientIPDef); } diff --git a/modules/libcom/test/aslibtest.c b/modules/libcom/test/aslibtest.c index 367a12426..4237fafb1 100644 --- a/modules/libcom/test/aslibtest.c +++ b/modules/libcom/test/aslibtest.c @@ -82,7 +82,7 @@ static const char hostname_config[] = "" static void testHostNames(void) { testDiag("testHostNames()"); - asUseIP = 0; + asCheckClientIP = 0; testOk1(asInitMem(hostname_config, NULL)==0); @@ -102,7 +102,7 @@ static void testHostNames(void) testAccess("ro", 0); testAccess("rw", 0); - setHost("nosuchhost"); + setHost("guaranteed.invalid."); testAccess("invalid", 0); testAccess("DEFAULT", 0); 
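Review bot: `asCheckClientIP` is read in asHagAddHost (`if(!asCheckClientIP) {`) when the ACF is loaded, and again for every connection in create_tcp_client and host_name_action, yet nothing in the code comments says the iocsh variable must be set before the ACF load. If it is changed in between, HAG entries and `client->pHostName` would presumably be held in different forms (name versus address); how the comparison then behaves is not visible from these hunks. I would extend the comment above the declaration in asLib.h with `* Must be set before the ACF is loaded; it is read again for each client connection.` The body of asHagAddHost starts before and continues past this hunk.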
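Review bot: The new literal in `setHost("guaranteed.invalid.")` carries no comment explaining why this exact name is used; the same applies to the identical change in testUseIP (hunk at -135). `.invalid` is a reserved top-level domain (RFC 2606) that should never resolve, and the trailing dot keeps a resolver from appending a search domain, which is presumably why it replaces "nosuchhost". I would add `/* reserved TLD (RFC 2606): never resolves; trailing dot avoids search-domain expansion */` above the call in both places. testHostNames starts and ends outside this hunk.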
@@ -113,7 +113,7 @@ static void testHostNames(void) static void testUseIP(void) { testDiag("testUseIP()"); - asUseIP = 1; + asCheckClientIP = 1; /* still host names in .acf */ testOk1(asInitMem(hostname_config, NULL)==0); @@ -135,7 +135,7 @@ static void testUseIP(void) testAccess("ro", 1); testAccess("rw", 3); - setHost("nosuchhost"); + setHost("guaranteed.invalid."); testAccess("invalid", 0); testAccess("DEFAULT", 0);